Protected Tags

Protected Tags allow control over who has permission to create tags as well as preventing accidental update or deletion once created. Each rule allows you to match either an individual tag name, or use wildcards to control multiple tags at once.

Overview

Protected tags will prevent anyone from updating or deleting the tag, as and will prevent creation of matching tags based on the permissions you have selected. By default, anyone without Maintainer permission will be prevented from creating tags.

Configuring protected tags

To protect a tag, you need to have at least Maintainer permission level.

Navigate to the project's Settings -> Repository page

From the Tag dropdown menu, select the tag you want to protect or type and click Create wildcard. In the screenshot below, we chose to protect all tags matching v*.

From the Allowed to create dropdown, select who will have permission to create matching tags and then click Protect.

Once done, the protected tag will appear in the "Protected tags" list.

Wildcard protected tags

You can specify a wildcard protected tag, which will protect all tags
matching the wildcard. For example:

Wildcard Protected Tag

Matching Tags

v*

v1.0.0, version-9.1

*-deploy

march-deploy, 1.0-deploy

*gitlab*

gitlab, gitlab/v1

*

v1.0.1rc2, accidental-tag

Two different wildcards can potentially match the same tag. For example,
*-stable and production-* would both match a production-stable tag.
In that case, if any of these protected tags have a setting like
"Allowed to create", then production-stable will also inherit this setting.

If you click on a protected tag's name, you will be presented with a list of
all matching tags: